Security News
"Drinking water and wastewater systems are a lifeline for communities, but many systems have not adopted important cybersecurity practices to thwart potential cyberattacks," said EPA Administrator Michael S. Regan. The National Security Council and the Environmental Protection Agency have invited governors to a virtual meeting on March 21 to strengthen collaboration between government entities and water systems and establish a Water Sector Cybersecurity Task Force.
CISA, the NSA, the FBI, and several other agencies in the U.S. and worldwide warned critical infrastructure leaders to protect their systems against the Chinese Volt Typhoon hacking group. Together with the NSA, the FBI, other U.S. government agencies, and partner Five Eyes cybersecurity agencies from Australia, Canada, the United Kingdom, and New Zealand, CISA also issued defense tips on detecting and defending against Volt Typhoon attacks.
The Ukrainian cyber police, in collaboration with investigators from the national police, have arrested three individuals who are accused of hijacking over 100 million emails and Instagram accounts worldwide. The arrested cybercriminals monetized their illicit activities by selling access to compromised accounts to various fraud groups on the darknet.
Threat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential...
A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. Specifically, the hackers have compromised 48 government organizations, 10 of which are Foreign Affairs ministries, and targeted another 49 government agencies.
Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate...
The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in...
Transitioning to memory-safe languages: Challenges and considerations
In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation, discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++.
LastPass' CIO vision for driving business strategy, innovation
Recently, LastPass appointed Asad Siddiqui as its CIO. He brings over two decades of experience leading startups and large technology organizations.
MobSF: Open-source security research platform for mobile apps
The Mobile Security Framework is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile.
The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. On January 28, 2024, aiohttp released version 3.9.2, addressing CVE-2024-23334, a high-severity path traversal flaw that impacts all aiohttp versions 3.9.1 and older and allows unauthenticated remote attackers to access files on vulnerable servers.
Cybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called RisePro. The campaign, codenamed gitgub,...